Project

General

Profile

Enhancement #648

Updated by Marc Dequènes about 1 month ago

Please update the TODOs below and add a note to comment on the progress.

Identified oneshot changes:
* -add buster in our repo and check if packages needs to be ported- (spoolinger is done, lxd needs more work, nothing else needs porting)
* Migrating from legacy network interface names: see https://www.debian.org/releases/buster/amd64/release-notes/ch-information.en.html#migrate-interface-names
* /usr is now merged by default and most softwares expect path to be updated: there is no reason to diverge from the Debian installation and that would cause annoying config changes; installing the `usrmerge` package solves it
** -molly-guard problems (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930131)- (molly-guard and usrmerge backported in our repo)
* SysV init related packages no longer required: apt purge initscripts sysv-rc insserv startpar
* PostgreSQL databases need to be reindexed: sudo -u postgres reindexdb --all

Identified deployment changes:
* -hidepid hidepid with systemd and polkit: see https://wiki.debian.org/Hardening#Mounting_.2Fproc_with_hidepid- https://wiki.debian.org/Hardening#Mounting_.2Fproc_with_hidepid
* -install debian-security-support- install debian-security-support

Problematic softwares:
* phpmyadmin: not in Buster but still in Debian; I see a "RFA":https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879741 with work towards newer versions but that requires many new dependencies, thus a backport of the latest 4.6.6 in our repo seems to be the way to go as I don't think an official backport is going to happen
* ftp-ssl: still in Debian but missing in Buster because it was not ready for openssl 1.1; 0.17.34+0.2-4.1 contains a patch and could be backported in our repo (unless it comes in Debian first)

Back